SOC Engineer - up to $6,000, located in the East

Location
Singapore
Salary Package
Up to S$75000 per annum
Posted
4th Mar 2025
Consultants
Clarice Tan

SOC Engineer

We are looking for a SOC Engineer with at least 2 years of experience in managing and maintaining cybersecurity operation tools, devices, and systems. This role involves supporting security operations by managing SIEM, EDR, firewalls, IDS/IPS, DLP, IAM, cloud security, and other security technologies. The ideal candidate will have hands-on experience in security monitoring, log analysis, alert tuning, and automation to enhance detection and response capabilities.

As a SOC Engineer, you will work closely with SOC analysts, incident responders, and IT teams to optimize security tools, improve visibility into threats, and ensure a strong cybersecurity posture.

Key Responsibilities:

Security Tools & Platform Management:

  • Deploy, configure, and maintain SIEM (Security Information and Event Management), EDR (Endpoint Detection and Response), IDS/IPS, WAF (Web Application Firewall), and DLP (Data Loss Prevention) solutions.
  • Monitor and optimize security systems, ensuring logs and alerts are properly ingested and correlated for threat detection.
  • Fine-tune detection rules, correlation rules, and alerting mechanisms to minimize false positives and improve threat visibility.
  • Manage and maintain endpoint security tools, including antivirus, EDR, and HIPS solutions.
  • Work with firewalls, VPNs, and network security tools to ensure robust perimeter security.

Security Monitoring & Threat Detection:

  • Support SOC analysts and incident responders by ensuring security tools provide actionable intelligence.
  • Analyze logs, alerts, and telemetry data to identify suspicious activities and security incidents.
  • Assist in threat hunting efforts by developing custom queries and detections.
  • Develop and implement automation scripts for security tasks using Python, PowerShell, or Bash.

Cloud & Identity Security Support:

  • Assist in managing security tools within cloud environments (AWS, Azure, Google Cloud).
  • Support identity and access management (IAM) systems, including SSO, MFA, and privileged access management (PAM).
  • Monitor and enforce security policies for cloud security posture management (CSPM) and workload protection.

Incident Response & Continuous Improvement:

  • Assist in incident response, ensuring tools support containment, eradication, and recovery.
  • Document security incidents, detection rules, and response playbooks for continuous improvement.
  • Collaborate with IT and security teams to enhance vulnerability management, patching, and system hardening.

Required Skills & Qualifications:

  • 2+ years of experience in SOC engineering, cybersecurity operations, or security administration.
  • Hands-on experience with SIEM platforms (Splunk, Microsoft Sentinel, QRadar, Elastic Security, etc.).
  • Experience with EDR tools (CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Carbon Black, etc.).
  • Familiarity with IDS/IPS (Snort, Suricata), firewalls (Palo Alto, Fortinet, Cisco), and endpoint security solutions.
  • Basic knowledge of cloud security controls (AWS, Azure, Google Cloud).
  • Understanding of the MITRE ATT&CK framework, the Cyber Kill Chain, and threat detection methodologies.
  • Experience with log analysis, security event correlation, and alert tuning.
  • Basic scripting skills in Python, PowerShell, or Bash for automation.

R1442954

Clarice Tan

Principal Consultant

R1442954